All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.sentry.spring.jakarta.SentryRequestResolver Maven / Gradle / Ivy

There is a newer version: 8.0.0-rc.3
Show newest version
package io.sentry.spring.jakarta;

import com.jakewharton.nopen.annotation.Open;
import io.sentry.IScopes;
import io.sentry.ISentryLifecycleToken;
import io.sentry.SentryLevel;
import io.sentry.protocol.Request;
import io.sentry.util.AutoClosableReentrantLock;
import io.sentry.util.HttpUtils;
import io.sentry.util.Objects;
import io.sentry.util.UrlUtils;
import jakarta.servlet.ServletContext;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Open
public class SentryRequestResolver {
  protected static final @NotNull AutoClosableReentrantLock staticLock =
      new AutoClosableReentrantLock();
  private final @NotNull IScopes scopes;
  private volatile @Nullable List extraSecurityCookies;

  public SentryRequestResolver(final @NotNull IScopes scopes) {
    this.scopes = Objects.requireNonNull(scopes, "options is required");
  }

  // httpRequest.getRequestURL() returns StringBuffer which is considered an obsolete class.
  @SuppressWarnings("JdkObsolete")
  public @NotNull Request resolveSentryRequest(final @NotNull HttpServletRequest httpRequest) {
    final Request sentryRequest = new Request();
    sentryRequest.setMethod(httpRequest.getMethod());
    final @NotNull UrlUtils.UrlDetails urlDetails =
        UrlUtils.parse(httpRequest.getRequestURL().toString());
    urlDetails.applyToRequest(sentryRequest);
    sentryRequest.setQueryString(httpRequest.getQueryString());
    final @NotNull List additionalSecurityCookieNames =
        extractSecurityCookieNamesOrUseCached(httpRequest);
    sentryRequest.setHeaders(resolveHeadersMap(httpRequest, additionalSecurityCookieNames));

    if (scopes.getOptions().isSendDefaultPii()) {
      String cookieName = HttpUtils.COOKIE_HEADER_NAME;
      final @Nullable List filteredHeaders =
          HttpUtils.filterOutSecurityCookiesFromHeader(
              httpRequest.getHeaders(cookieName), cookieName, additionalSecurityCookieNames);
      sentryRequest.setCookies(toString(filteredHeaders));
    }
    return sentryRequest;
  }

  @NotNull
  Map resolveHeadersMap(
      final @NotNull HttpServletRequest request,
      final @NotNull List additionalSecurityCookieNames) {
    final Map headersMap = new HashMap<>();
    for (String headerName : Collections.list(request.getHeaderNames())) {
      // do not copy personal information identifiable headers
      if (scopes.getOptions().isSendDefaultPii()
          || !HttpUtils.containsSensitiveHeader(headerName)) {
        final @Nullable List filteredHeaders =
            HttpUtils.filterOutSecurityCookiesFromHeader(
                request.getHeaders(headerName), headerName, additionalSecurityCookieNames);
        headersMap.put(headerName, toString(filteredHeaders));
      }
    }
    return headersMap;
  }

  private List extractSecurityCookieNamesOrUseCached(
      final @NotNull HttpServletRequest httpRequest) {
    if (extraSecurityCookies == null) {
      try (final @NotNull ISentryLifecycleToken ignored = staticLock.acquire()) {
        if (extraSecurityCookies == null) {
          extraSecurityCookies = extractSecurityCookieNames(httpRequest);
        }
      }
    }

    return extraSecurityCookies;
  }

  private List extractSecurityCookieNames(final @NotNull HttpServletRequest httpRequest) {
    try {
      final @Nullable ServletContext servletContext = httpRequest.getServletContext();
      if (servletContext != null) {
        final @Nullable SessionCookieConfig sessionCookieConfig =
            servletContext.getSessionCookieConfig();
        if (sessionCookieConfig != null) {
          final @Nullable String cookieName = sessionCookieConfig.getName();
          if (cookieName != null) {
            return Arrays.asList(cookieName);
          }
        }
      }
    } catch (Throwable t) {
      scopes
          .getOptions()
          .getLogger()
          .log(SentryLevel.WARNING, "Failed to extract session cookie name from request.", t);
    }

    return Collections.emptyList();
  }

  private static @Nullable String toString(final @Nullable List list) {
    return list != null ? String.join(",", list) : null;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy